bug#7797: 24.0.50; [EasyPG/Gnus] always pick up the first key from `gpg --list-key $SENDER`

[Luca Capello]

reopen 7797
thanks

Hi Daiki!

On Fri, 07 Jan 2011 10:34:59 +0100, Daiki Ueno wrote:
> Daiki Ueno <ueno@unixuser.org> writes:
>
>> Luca Capello <luca@pca.it> writes:
>>
>>> gpg: skipped "8D3867D89DDB992B": unusable secret key
>>> gpg: signing failed: unusable secret key
>>
>> You may want to try the patch I posted last month:
>> http://lists.gnu.org/archive/html/emacs-devel/2010-12/msg00624.html

Thank you for the link, I was quite disappointed no one reported it on
the GNU BTS.  I added both Ashish and Daniel to the cc:, discussion
requested below.

>> Although this patch is a workaround, I'm going to push it for the time
>> being.
>
> OK, I fixed this in a better way (r102771).

Please, can you post it here, so I do not have to download the bzr
repository?  The Savannah bzr repository is disabled
<http://bzr.savannah.gnu.org/lh/emacs> and the Launhpad one
<http://bazaar.launchpad.net/~vcs-imports/emacs/trunk/files> does not
have it yet.

> My test case is:
>
> $ mv .gnupg .gnupg.bak
> $ gpg --gen-key # create a key foo@example.com
> $ gpg --gen-key # create a key bar@example.com
> $ gpg --gen-key # create a key baz@example.com
> $ gpg --edit-key foo@example.com # revoke foo@example.com
> $ gpg --delete-secret-key bar@example.com
>
> (mml2015-epg-find-usable-secret-key
>   (epg-make-context 'OpenPGP) "foo@example.com" 'sign)
> => nil
> (mml2015-epg-find-usable-secret-key
>   (epg-make-context 'OpenPGP) "bar@example.com" 'sign)
> => nil
> (mml2015-epg-find-usable-secret-key
>   (epg-make-context 'OpenPGP) "baz@example.com" 'sign)
> => (epg-key . ...)

I am sorry, but I still think this is not the correct solution, thus I
reopened the bug (control server bcc:ed).  I think the cases should be
the following, which I have (sort of) explained in my first post and it
is similar to Ashish's one at:

  <http://lists.gnu.org/archive/html/emacs-devel/2010-12/msg00612.html>

1) by default, EasyPG does not pass any key-id to GnuPG, simply relying
   on ~/.gnupg/gpg.conf.  After all, GnuPG configuration is done there,
   and *by default* all the other programs working with GnuPG should
   obey that configuration.

   And this is how I read `mm-sign-option':

     Option how to create signed parts.
     nil, use the default keys without asking;
     `guided', let you select signing keys from the menu.

   However, `mm-encrypt-option' contains the real behavior according to
   the code:

     Option of creating encrypted parts.
     nil, use the first public-key matching the "From:" header as the
      recipient;
     `guided', ask user to select recipient keys from the menu.
   
2) if `mml2015-signers' is set, it overrides point 1.

   BTW1, the documentation for that variable should be corrected: AFAIK
   you can set it to multiple keys, which means that the documentation
   should read "A list of your own key ID(s)...", note the plural.

   BTW2, this variable is not mentioned in any file in the doc/ folder,
   which is another bug.

3) introduce a new `mml2015-use-from-address' variable:
   - if set, it then acts like the way you explain above.
   - if not set, nothing changes WRT to points 1 and 2.

4) introduce also a new `mml2015-default-user-id' variable, which, if
   set, overrides *everything* from the above, similar to
   `pgg-default-user-id' reported by Ashish at the link above.

I would have wanted to reply only after having implemented my solution,
but since I am quite busy right now (and I will be for the whole next
week as well), it is better to put here my ideas *now*.  For this
reason, I have probably missed something of the whole situation, thus
please forgive me.

Thx, bye,
Gismo / Luca

pgps8amKKYgAU.pgp
Description: PGP signature